<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

/*
Reset and present user with new password.
*/
require_once("../uis.php");
require_once("../config.php");
require_once("../global.php");

if(!isset($stage)){
	header("location: ".$PHP_SELF."?stage=2&user5=$username&pass567890=".make_password(8));
}
elseif($stage=="2"){
	//third step:
		//make change, close button, run main window refresh
		if($continue=="yes"){
			//do db change
			if($config->password=="md5"){
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['password']."='".md5($pass567890)."' WHERE ".$config->field['username']."='$user5';";
			}
			else{
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['password']."='".$pass567890."' WHERE ".$config->field['username']."='$user5';";
			}
			
			if(!$result=mysql_query($sql)){
				print "<p>Error in updating data!<br>";
				print mysql_error();
				print '<br><a href="';
				print $PHP_SELF;
				print '">Click Here to try again</a><br><br>';
				print "$sql</p>";
			}//end error
			else{
				//pull sales department address
				$sql="SELECT sales_address FROM ".$config->dt['settings']."";
				$result=mysql_query($sql);
				while($value=mysql_fetch_array($result)){
					$from=$value['sales_address'];
					$cc=$value['sales_address'];
				}
				
				//pull user email
				$sql="SELECT ".$config->field['email']." FROM ".$config->dt['user']." WHERE ".$config->field['username']."='$user5';";
				$result=mysql_query($sql);
				$value=mysql_fetch_array($result);
				
				//pull email
				$sql="SELECT mail_lostpass FROM ".$config->dt['settings']."";
				$result=mysql_query($sql);
				while($value=mysql_fetch_array($result)){
					$body=$value['mail_lostpass'];
				}
				
				//MAIL PASSWORD TO USER
					/* recipients */
						$to 		= $value[$config->field['email']];
					/* subject */
						$subject 	= "New Password";
					/* message */
						$message 	= parse($body,$pass567890);
					/* additional headers */
						$headers 	= "From: $from\r\n";//from has already been defined
						$headers 	.= "Cc: $cc\r\n";//$cc has already been defined
					/* send the mail */
					if(!mail($to, $subject, $message, $headers)) print "<P><b>Unable To Send New Password to User!</b></P>";
			}
		}
	//print HTML
	?>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	<html>
	<head>
			<title>Lost Password Recovery</title>
		<style type="text/css">
		<!--
		.prefinput{
			color: #333333;
			font-family: Verdana, Arial, Helvetica, sans-serif;
			font-size: 11px;
			font-weight: normal;
			border-color: #333333;
			text-indent: 2px; 
			border-top-width: 1px;
			border-right-width: 1px;
			border-bottom-width: 1px;
			border-left-width: 1px; 
			background: #f8f8f8;
		}
		.button {
			background-color: #F8F8F8;
			color: #333333;
			border-color: black;
			font-family: Verdana, Arial, Helvetica, sans-serif;
			font-size: 11px;
			font-weight : bold;
			border-top-width: 1px;
			border-right-width: 1px;
			border-bottom-width: 1px;
			border-left-width: 1px; 
		}
		-->
		</style>
		<script language="JavaScript" type="text/javascript">
		//Verify password entry
		function validForm(passForm){
			if(passForm.new_pass_one.value==""){
				alert("You must enter a password");
				passForm.new_pass_one.focus();
				return false
			}
			if(passForm.new_pass_one.value!=passForm.new_pass_two.value){
				alert("Entered passwords do NOT match");
				passForm.new_pass_one.focus();
				passForm.new_pass_one.select();
				return false
			}
			return true
		}//end validForm()
		</script>
	</head>
	<body>
		<b>Your password has been emailed to you.</b><br>
		<form action="cart.php" method="post">
		<input name="" type="submit" value="Back to Cart">
		</form>
	</body>
	</html>
	<?php
}
////////////////////////////////////////////////////
function make_password($length){
    $vowels = 'aeiouyAEIOUY';
    $consonants = 'bdghjlmnpqrstvwxzBDGHJLMNPQRSTVWXZ';
    $password = '';
    
    $alt = time() % 2;
    srand(time());

    for ($i = 0; $i < $length; $i++) {
        if ($alt == 1) {
            $password .= $consonants[(rand() % 17)];
            $alt = 0;
        } else {
            $password .= $vowels[(rand() % 6)];
            $alt = 1;
        }
    }
    return $password;
}

function parse($code,$password){
	global $PHP_SELF,$config;
	$code=str_replace("%PASSWORD%",$password,$code);//Password
	$code=str_replace("%SALESEMAIL%",$config->cs['sales_address'],$code);//Sales Department Email Address
	$code=str_replace("%URL%",$config->cs['forum_url'],$code);//Member Area URL
	$code=str_replace("%NAME%",$config->cs['forum_title'],$code);//Merchant Name
	$code=str_replace("%NL%",'\n',$code);//New Line Codes
	return $code;
}
?>
